139 lines
5.4 KiB
Bash
Executable File
139 lines
5.4 KiB
Bash
Executable File
#! /bin/sh
|
|
## Web proxy, following the grand tradition of Web things being handled by
|
|
## gross scripts. Uses netcat to listen on a high port [default 8000],
|
|
## picks apart requests and sends them on to the right place. Point this
|
|
## at the browser client machine you'll be coming from [to limit access to
|
|
## only it], and point the browser's concept of an HTTP proxy to the
|
|
## machine running this. Takes a single argument of the client that will
|
|
## be using it, and rejects connections from elsewhere. LOGS the queries
|
|
## to a configurable logfile, which can be an interesting read later on!
|
|
## If the argument is "reset", the listener and logfile are cleaned up.
|
|
##
|
|
## This works surprisingly fast and well, for a shell script, although may
|
|
## randomly fail when hammered by a browser that tries to open several
|
|
## connections at once. Drop the "maximum connections" in your browser if
|
|
## this is a problem.
|
|
##
|
|
## A more degenerate case of this, or preferably a small C program that
|
|
## does the same thing under inetd, could handle a small site's worth of
|
|
## proxy queries. Given the way browsers are evolving, proxies like this
|
|
## can play an important role in protecting your own privacy.
|
|
##
|
|
## If you grabbed this in ASCII mode, search down for "eew" and make sure
|
|
## the embedded-CR check is intact, or requests might hang.
|
|
##
|
|
## Doesn't handle POST forms. Who cares, if you're just watching HTTV?
|
|
## Dumbness here has a highly desirable side effect: it only sends the first
|
|
## GET line, since that's all you really ever need to send, and suppresses
|
|
## the other somewhat revealing trash that most browsers insist on sending.
|
|
|
|
# set these as you wish: proxy port...
|
|
PORT=8000
|
|
# logfile spec: a real file or /dev/null if you don't care
|
|
LFILE=${0}.log
|
|
# optional: where to dump connect info, so you can see if anything went wrong
|
|
# CFILE=${0}.conn
|
|
# optional extra args to the listener "nc", for instance "-s inside-net-addr"
|
|
# XNC=''
|
|
|
|
# functionality switch has to be done fast, so the next listener can start
|
|
# prelaunch check: if no current client and no args, bail.
|
|
case "${1}${CLIENT}" in
|
|
"")
|
|
echo needs client hostname
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
case "${1}" in
|
|
"")
|
|
# Make like inetd, and run the next relayer process NOW. All the redirection
|
|
# is necessary so this shell has NO remaining channel open to the net.
|
|
# This will hang around for 10 minutes, and exit if no new connections arrive.
|
|
# Using -n for speed, avoiding any DNS/port lookups.
|
|
nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
|
|
2> $CFILE &
|
|
;;
|
|
esac
|
|
|
|
# no client yet and had an arg, this checking can be much slower now
|
|
umask 077
|
|
|
|
if test "$1" ; then
|
|
# if magic arg, just clean up and then hit our own port to cause server exit
|
|
if test "$1" = "reset" ; then
|
|
rm -f $LFILE
|
|
test -f "$CFILE" && rm -f $CFILE
|
|
nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
|
|
exit 0
|
|
fi
|
|
# find our ass with both hands
|
|
test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
|
|
# correct launch: set up client access control, passed along thru environment.
|
|
CLIENT="$1"
|
|
export CLIENT
|
|
test "$CFILE" || CFILE=/dev/null
|
|
export CFILE
|
|
touch "$CFILE"
|
|
# tell us what happened during the last run, if possible
|
|
if test -f "$CFILE" ; then
|
|
echo "Last connection results:"
|
|
cat $CFILE
|
|
fi
|
|
|
|
# ping client machine and get its bare IP address
|
|
CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'`
|
|
test ! "$CLIENT" && echo "Can't find address of $1" && exit 1
|
|
|
|
# if this was an initial launch, be informative about it
|
|
echo "=== Launch: $CLIENT" >> $LFILE
|
|
echo "Proxy running -- will accept connections on $PORT from $CLIENT"
|
|
echo " Logging queries to $LFILE"
|
|
test -f "$CFILE" && echo " and connection fuckups to $CFILE"
|
|
|
|
# and run the first listener, showing us output just for the first hit
|
|
nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
|
|
exit 0
|
|
fi
|
|
|
|
# Fall here to handle a page.
|
|
# GET type://host.name:80/file/path HTTP/1.0
|
|
# Additional: trash
|
|
# More: trash
|
|
# <newline>
|
|
|
|
read x1 x2 x3 x4
|
|
echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
|
|
test "$x4" && echo "extra junk after request: $x4" && exit 0
|
|
# nuke questionable characters and split up the request
|
|
hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'`
|
|
# echo massaged hurl: $hurl >> $LFILE
|
|
hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"`
|
|
hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"`
|
|
test "$hp" = "$hh" && hp=80
|
|
hf=`echo "$hurl" | sed -e "s+[^/]*++"`
|
|
# echo total split: $hh : $hp : $hf >> $LFILE
|
|
# suck in and log the entire request, because we're curious
|
|
# Fails on multipart stuff like forms; oh well...
|
|
if test "$x3" ; then
|
|
while read xx ; do
|
|
echo "${xx}" >> $LFILE
|
|
test "${xx}" || break
|
|
# eew, buried returns, gross but necessary for DOS stupidity:
|
|
test "${xx}" = "
|
|
" && break
|
|
done
|
|
fi
|
|
# check for non-GET *after* we log the query...
|
|
test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
|
|
# no, you can *not* phone home, you miserable piece of shit
|
|
test "`echo $hh | fgrep -i netscap`" && \
|
|
echo "access to Netscam's servers <b>DENIED.</b>" && exit 0
|
|
# Do it. 30 sec net-wait time oughta be *plenty*...
|
|
# Some braindead servers have forgotten how to handle the simple-query syntax.
|
|
# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc...
|
|
echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \
|
|
echo "oops, can't get to $hh : $hp".
|
|
echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
|
|
exit 0
|
|
|